Daily Summary - Monday 8-09-2014

End-of-Shift report

Timeframe: Friday 05-09-2014 18:00 − Monday 08-09-2014 18:00 Handler: Robert Waldner Co-Handler: Alexander Riepl

Apple IDs targeted by Kelihos botnet phishing campaign

Botnet targets Apple customers, launching phishing email campaign to lure victims into disclosing their Apple IDs and passwords. Days after numerous celebrities were found to have their iCloud accounts compromised, a major botnet has turned its attention to Apple customers, launching a phishing email campaign ..

http://www.symantec.com/connect/blogs/apple-ids-targeted-kelihos-botnet-phishing-campaign


USB firmware: An upcoming threat for home and enterprise users

Every year, thousands of hackers and security researchers from around the world descend on Las Vegas to attend the annual Black Hat security conference. The conference boasts top notch security presentations from industry leaders - often centered on breaking computer security. Although many of the presentations are on breaking things, most of the ..

http://blogs.technet.com/b/mmpc/archive/2014/09/02/usb-firmware-an-upcoming-threat-for-home-and-enterprise-users.aspx


Stupid Spammer Tricks - Reversing Characters

Spammers engaged in phishing attacks constantly try to get their emails past spam filters. They try many different tactics, and these can include taking advantage of HTML coding characteristics. These HTML tricks can make the email look normal when rendered in a mail client, but the actual ..

http://blog.spiderlabs.com/2014/09/stupid-spammer-tricks-reversing-characters.html


Mozilla 1024-Bit Cert Deprecation Leaves 107,000 Sites Untrusted

Mozilla has deprecated 1024-bit RSA certificate authority certificates in Firefox 32 and Thunderbird. While there are pluses to the move such as a requirement for longer, stronger keys, at least 107,000 websites will no longer be trusted by Mozilla. Data from HD Moore's Project Sonar, which ..

http://it.slashdot.org/story/14/09/05/2120246/mozilla-1024-bit-cert-deprecation-leaves-107000-sites-untrusted


Cisco Integrated Management Controller SSH Denial of Service Vulnerability

A vulnerability in the Cisco Integrated Management Controller (Cisco IMC) SSH module of the Cisco Unified Computing System E-Series Blade servers could allow an unauthenticated, remote attacker to cause a denial of service condition.

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3348


Nuclear Exploit Kit and Flash CVE-2014-0515

For this blog, we'd like to walk you through a recent attack involving Nuclear Exploit Kit (EK) that we analyzed. It was found leveraging CVE-2014-0515, a buffer overflow in Adobe Flash Player discovered in April 2014. Nuclear Exploit Kit ..

http://research.zscaler.com/2014/09/nuclear-exploit-kit-and-flash-cve-2014.html


WPS vulnerability: Probably few routers affected

In response to an inquiry from heise Netze, several manufacturers of routers widely used in Germany have commented on the WPS PIN vulnerability that allows the access PIN to be calculated offline.

http://www.heise.de/security/meldung/WPS-Sicherheitsluecke-Wahrscheinlich-wenige-Router-betroffen-2356535.html


Popular Photo Sharing Website Likes.com Vulnerable To Multiple Critical Flaws

Likes.com, one of the emerging social networking sites and a popular image browsing platform, has been found vulnerable to several critical vulnerabilities that could allow an attacker to completely delete users' accounts in just one click. Likes.com is a social networking website that helps you to connect ..

http://thehackernews.com/2014/09/popular-photo-sharing-website.html


Demasking Google Users With a Timing Attack

A 3rd party site can determine if a website viewer has access to a particular Google Drive document. ... How it works: The attack is straightforward. A malicious page repeatedly instantiates an image whose source points at the URL of a Google Drive document. If that document is viewable by the ..

http://blog.andrewcantino.com/blog/2014/09/04/demasking-google-users-with-a-timing-attack/


Bugtraq: [security bulletin] HPSBUX03102 SSRT101681 rev.1 - HP-UX Apache Server Suite running Apache Tomcat or PHP, Remote Execution of Arbitrary Code and Denial of Service (DoS) and Other Vulnerabilities

http://www.securityfocus.com/archive/1/533370


iCloud: Apple sends out new warning notices

Following the theft of nude celebrity photos from iCloud accounts, Apple has begun sending new notifications whenever the cloud service is accessed. Further protective features have been announced.

http://www.heise.de/security/meldung/iCloud-Apple-verschickt-neue-Warnhinweise-2369771.html